In October 2024, Radiant Capital, a prominent decentralized finance (DeFi) protocol, faced a significant security breach, resulting in an estimated loss of $58 million. This incident marks the second attack on the platform within the year, raising serious concerns about the security of multi-signature wallets and the vulnerabilities inherent in cross-chain protocols.
Key Takeaways
- Radiant Capital lost approximately $58 million due to a multi-signature exploit.
- The attacker gained control of 3 out of 11 signers, allowing them to upgrade the contract and drain funds.
- The incident highlights the need for enhanced security measures in multi-signature setups.
Overview Of The Attack
The exploit was executed through a sophisticated method where the attacker tricked signers into approving malicious transactions. Radiant Capital utilized a 3-of-11 multi-signature scheme, which, while designed for security, inadvertently created a larger attack surface. The attacker employed malware to manipulate the Gnosis Safe wallet interface, making it appear as though legitimate transactions were being processed while actually sending malicious requests for signature.
The attacker successfully transferred control over the protocol’s Pool Provider contract, which manages various lending pools. This allowed them to upgrade the pool contracts to a malicious version, effectively gaining access to user funds.
How The Exploit Unfolded
- Initial Compromise: The attacker infected multiple developers' devices with malware, allowing them to collect legitimate signatures for malicious transactions.
- Contract Upgrade: By gaining control of 3 signers, the attacker executed a contract upgrade that transferred ownership to a malicious contract.
- Asset Drain: The attacker drained significant assets from Radiant pools across multiple chains, including Arbitrum and Binance Smart Chain (BSC).
Immediate Response Actions
In the wake of the attack, Radiant Capital and the broader DeFi community took swift action to mitigate further losses:
- Access Revocation: Immediate steps were taken to revoke access to the compromised contracts on both Arbitrum and BSC.
- User Alerts: Radiant issued public alerts advising users to revoke approvals for specific contract addresses to prevent further exploitation.
- Investigation Launch: An investigation was initiated to determine how the attacker gained control of the multi-signature wallets, with leads suggesting a frontend attack and potential private key compromise.
Lessons Learned
The Radiant Capital hack underscores the critical need for robust security measures in decentralized finance protocols:
- Stronger Multi-Signature Requirements: The low threshold of 3 out of 11 signers proved inadequate. Increasing this number could enhance security.
- Enhanced Security Protocols: Multi-signature signers should implement stricter security measures, including hardware wallets and routine key rotations.
- Decentralized Governance: Implementing a time-locked governance process for contract upgrades could provide an additional layer of security, allowing community oversight before any changes are made.
Conclusion
The October 2024 hack of Radiant Capital serves as a stark reminder of the vulnerabilities that exist within the DeFi space. As the industry continues to evolve, it is imperative for protocols to adopt more stringent security measures to protect user assets and maintain trust in decentralized finance systems.
Sources
